SB2025092368 - Use-after-free in Linux kernel net can driver
Published: September 23, 2025
Security Bulletin ID
SB2025092368
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2025-39873)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xcan_write_frame() function in drivers/net/can/xilinx_can.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1139321161a3ba5e45e61e0738b37f42f20bc57a
- https://git.kernel.org/stable/c/668cc1e3bb21101d074e430de1b7ba8fd10189e7
- https://git.kernel.org/stable/c/725b33deebd6e4c96fe7893f384510a54258f28f
- https://git.kernel.org/stable/c/94b050726288a56a6b8ff55aa641f2fedbd3b44c
- https://git.kernel.org/stable/c/ef79f00be72bd81d2e1e6f060d83cf7e425deee4